1、安装并配置 Haproxy 的日志
root@web01:~# apt install -y haproxy
root@web01:~# vim /etc/haproxy/haproxy.cfg
# log /dev/log local0
# log /dev/log local1 notice
log 127.0.0.1 local6 #添加下面一行,发送至本机的514/udp的local6日志级别中
#在文件最后加下面段
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth admin:123456
root@web01:~# systemctl restart haproxy.service
通过浏览器访问haproxy的状态页,生成访问日志
![图片[1]-通过 Rsyslog 收集 Haproxy 日志并输出至 Elasticsearch-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2023/01/image-91.png)
![图片[2]-通过 Rsyslog 收集 Haproxy 日志并输出至 Elasticsearch-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2023/01/image-92.png)
2、编辑 Rsyslog 服务配置文件
# 在haproxy主机上配置rsyslog服务
root@web01:~# vim /etc/rsyslog.conf
# 取消下面两行的注释,实现接收haproxy的日志
module(load="imudp")
input(type="imudp" port="514")
# 备份原有haproxy的配置文件
root@web01:/etc/rsyslog.d# mv 49-haproxy.conf 49-haproxy.conf.bak
# 加下面行,将haproxy日志再利用UDP或TCP转发到logstash服务器
root@web01:/etc/rsyslog.d# vim /etc/rsyslog.d/haproxy.conf
local6.* @192.168.1.108:514
root@web01:~# systemctl restart haproxy.service rsyslog.service
3、编辑 Logstash 配置文件
配置logstash监听一个本地端口作为日志输入源,用于接收从rsyslog服务转发过来的haproxy服务器日志
logstash的服务器监听的IP:端口和rsyslog输出IP和端口必须相同
root@logstash01:~# vim /etc/logstash/conf.d/haproxy-syslog-to-es.conf
input {
syslog {
host => "0.0.0.0"
port => "514" #指定监听的UDP/TCP端口,注意普通用户无法监听此端口
type => "haproxy"
}
}
output {
if [type] == 'haproxy' {
stdout {
codec => "rubydebug" #默认值,可以省略
}
}
}
root@logstash01:~# logstash -f /etc/logstash/conf.d/haproxy-syslog-to-es.conf -t
root@logstash01:~# logstash -f /etc/logstash/conf.d/haproxy-syslog-to-es.conf
{
"type" => "haproxy",
"program" => "root",
"facility_label" => "local6",
"@timestamp" => 2023-01-04T11:52:04.000Z,
"host" => "192.168.1.105",
"severity_label" => "Informational",
"@version" => "1",
"timestamp" => "Jan 4 11:52:04",
"logsource" => "web01",
"severity" => 6,
"message" => "This is a test log",
"priority" => 182,
"facility" => 22
}
# 验证
root@web01:~# logger -p "local6.info" "This is a test log"
浏览器刷新页面验证
{
"pid" => "78618",
"type" => "haproxy",
"program" => "haproxy",
"facility_label" => "local6",
"@timestamp" => 2023-01-04T11:52:34.000Z,
"host" => "192.168.1.105",
"severity_label" => "Informational",
"@version" => "1",
"timestamp" => "Jan 4 11:52:34",
"logsource" => "localhost",
"severity" => 6,
"message" => "192.168.1.1:60652 [04/Jan/2023:11:52:34.879] stats stats/<NOSRV> 0/-1/-1/-1/0 503 221 - - SC-- 2/2/0/0/0 0/0 \"GET /favicon.ico HTTP/1.1\"",
"priority" => 182,
"facility" => 22
}
4、将输出改为 Elasticsearch
root@logstash01:~# vim /etc/logstash/conf.d/haproxy-syslog-to-es.conf
input {
syslog {
host => "0.0.0.0"
port => "514" #指定监听的UDP/TCP端口,注意普通用户无法监听此端口
type => "haproxy"
}
}
output {
if [type] == 'haproxy' {
stdout {
codec => "rubydebug" #默认值,可以省略
}
elasticsearch {
hosts => ["192.168.1.101:9200"]
index => "syslog-haproxy-%{+YYYY.MM.dd}"
}
}
root@logstash01:~# systemctl restart logstash.service
![图片[3]-通过 Rsyslog 收集 Haproxy 日志并输出至 Elasticsearch-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2023/01/image-93.png)
![图片[4]-通过 Rsyslog 收集 Haproxy 日志并输出至 Elasticsearch-李佳程的个人主页](http://www.lijiach.com/wp-content/uploads/2023/01/image-94.png)
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
